<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title></title>
</head>

<body>
<hr>

<h2>Introduction</h2>


<p>This Manual describes the
programming interface and the source code of Npcap. It provides detailed
descriptions of the functions and structures exported to programmers, along
with complete documentation of the Npcap internals. Several tutorials and
examples are provided as well.

</p>
<p>You can follow the links at the top of this page or use the tree control at 
the left to reach sections of interest.

</p>
<p>This documentation was created using the Doxygen documentation system, that can
be found at <a href="http://www.doxygen.org/index.html">http://www.doxygen.org</a>.

</p>
<h2>What is Npcap</h2>
<p>Npcap is library for packet capture and network analysis for 
the Win32 platforms.</p>
<p>Most networking applications access the network through widely used operating 
system primitives such as sockets. It is easy to access data on the 
network with this approach since the operating system copes with the low level 
details (protocol handling, packet reassembly, etc.) and provides a familiar 
interface that is similar to the one used to read and write files.

</p>
<p>Sometimes, however, the 'easy way' is not up to the task, since some 
applications require direct access to packets on the network. That is, they 
need access to the &quot;raw&quot; data on the network without the interposition of 
protocol processing by the operating system. </p>
<p>The purpose of Npcap is to give this kind of access to Win32 applications; 
it provides facilities to:</p>
<ul>
	<li>capture
    raw packets, both the ones destined to the machine where it's running and
    the ones exchanged by other hosts (on shared media)</li>
	<li>filter
    the packets according to user-specified rules before dispatching them to the
    application</li>
	<li>transmit raw packets to the network</li>
	<li>gather statistical information on the network traffic</li>
</ul>
<p>This set of capabilities is obtained by means of a device driver, which is 
installed inside the networking portion of Win32 kernels, plus a couple of DLLs.</p>
<p>All these features are exported through a powerful programming interface, 
easily usable by the applications and available on different OSes. The main 
goal of this manual is to document this interface, with the help of several 
examples. If you are interested in starting your exploration right away 
you can go directly to the <a href="group__wpcap.html">Npcap user's manual</a>.</p>

<h3>What kind of programs use Npcap</h3>
<p>The Npcap programming interface can be used by many types of network tools 
for analysis, troubleshooting, security and
monitoring. In particular, classical tools that rely on Npcap are:</p>

<ul>
  <li>network and protocol analyzers</li>
  <li>network monitors</li>
  <li>traffic loggers</li>
  <li>traffic generators</li>
  <li>user-level bridges and routers</li>
  <li>network intrusion detection systems (NIDS)</li>
  <li>network scanners</li>
  <li>security tools</li>
</ul>
<h3>What Npcap can't do</h3>
<p>Npcap receives and sends the packets <i>independently</i> from the host 
protocols, like TCP/IP. This means that it isn't able to block, filter or 
manipulate the traffic generated by other programs on the same machine: it 
simply &quot;sniffs&quot; the packets that transit on the wire. Therefore, it does not 
provide the appropriate support for applications like traffic shapers, QoS 
schedulers and personal firewalls. </p>

<h2>Purpose of this manual</h2>
<p>The purpose of this manual is to provide a comprehensive and easy way to 
browse the documentation of the Npcap architecture. You will find two main 
sections: <a href="group__wpcap.html">Npcap user's manual</a> and <a href="group__internals.html">Npcap Internals</a>.</p>
<p>The first one can be used by a programmer who needs to use Npcap from 
an application: it contains all the information about functions and data 
structures exported by the Npcap API, a manual that explains how to write 
packet filters and a page that explains how to include it in an application. A 
tutorial with several code samples is provided as well; it can be used to learn 
the basics of the Npcap API using a step-by-step approach, but it also offers 
code snippets that demonstrate advanced features.</p>
<p>The second section is intended for Npcap developers and maintainers, or for 
people who are curious about how this system works: it provides a general 
description of the Npcap architecture and explains how it works. Additionally, 
it documents the complete device driver structure, the source code, the Packet.dll 
interface and the low-level Npcap API. 
If you want to understand what happens inside Npcap or if you need to extend 
it, this is the section you will want to read.</p>
<h2>Additional Documentation</h2>
<p>For additional and up-to-date documentation, we suggest that you look at <a href="http://nmap.org/npcap/guide/">http://nmap.org/npcap/guide/</a>
</p>

<h2>Terminology</h2>
<ul>
  <li>For consistency with the literature, we will use the term <i>packet</i> even
    though <i>frame</i> is more accurate since the capture process is done at 
	the data-link layer and the data-link header is included in the captured 
	data.</li>
  <!-- TODO: Change or remove this section depending on what OS versions are supported and discussed -->
  <li>The term Win9x will be used in this documentation to indicate the family of
    Microsoft OSes made up of Windows 95 and its derivatives, i.e. Windows 98 and
    Windows ME. The term WinNTx will indicate the OSes built upon the NT kernel, 
	starting from Windows NT 4 and including Windows 2000, Windows XP,
    Windows Server 2003 and so on.</li>
</ul>

</body>

</html>
